OSPF with Access List
Lab 2: OSPF with access-list 
Lab exercise 

Your task is to configure the network in Figure 19-2 to allow full connectivity using OSPF. 
Router A is to block ICMP from Router C, and Router C is to deny any traffic on port 80. 
Please feel free to try the lab without following the lab walk-through section. 


[Figure 19-2: OSPF with access-list. Surviving diagram label: Area 0]

Text written in monospaced type indicates commands that can be entered on the router. 

Purpose 

A three-router lab is the typical scenario you will face in the CCNA exam. You must be comfortable 
with configuring three routers with a basic config and then applying a routing protocol 
and access-list. 

Lab objectives 

1. Use the IP-addressing scheme depicted in Figure 19-2. 

2. Set telnet access for the router to use the local login permissions of username "banbury" 
and the password "ccna". 

3. Configure the "enable password" to be "cisco". 

4. Configure IP addressing on all three routers. 

5. Configure OSPF areas 0, 1, and 2. 

6. Add an access-list on the serial interfaces of both routers A and C. Router A is to block
all ping traffic from network 192.168.2.0. Router C is to block all http traffic from
any network.

Lab walk-through 

1. Follow the configuration from the previous lab. 


2. Configure the access-lists on both Routers A and C and apply them to the serial interfaces. 





RouterA(config)#access-list 100 deny icmp 192.168.2.0 0.0.0.255 any
RouterA(config)#access-list 100 permit ip any any
RouterA(config)#interface serial 0 
RouterA(config-if)#ip access-group 100 in 

RouterC(config)#access-list 100 deny tcp any any eq 80 
RouterC(config)#access-list 100 permit ip any any 
RouterC(config)#ip http server 
RouterC(config)#interface serial 0 
RouterC(config-if)#ip access-group 100 in 

3. Telnet from Router A to Router C. A normal telnet will work. However, a telnet on port 
53 (DNS) will fail. 

RouterA#telnet 192.168.2.2
Trying 192.168.2.2 ... Open 

User Access Verification 

Username:      <-- Press Ctrl+Shift+6 (all together) and then "X"

RouterA#

RouterA#telnet 192.168.2.2 80 
Trying 192.168.2.2, 80 ... Open 

exit 

HTTP/1.0 501 Not Implemented 

Date: Mon, 01 Mar 1993 00:22:17 UTC 

Content-type: text/html 

Expires: Thu, 16 Feb 1989 00:00:00 GMT 


<H1>501 Not Implemented</H1>



[Connection to 192.168.2.2 closed by foreign host] 


4. Now ping Router A from Router C. The ping from the serial interface (the blocked network)
will fail. A ping from loopback 0 (10.0.0.1) will, however, work.

RouterC#ping 192.168.1.1 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: 

U.U.U 

Success rate is 0 percent (0/5) 

RouterC#ping 
Protocol [ip]: 

Target IP address: 192.168.1.1 
Repeat count [5]: 

Datagram size [100]: 

Timeout in seconds [2]: 

Extended commands [n]: y 
Source address or interface: 10.0.0.1 
Type of service [0]: 

Set DF bit in IP header? [no]: 

Validate reply data? [no]: 

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]: 

Sweep range of sizes [n]: 

Type escape sequence to abort. 

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: 

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/64 ms 
RouterC# 
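
The first-match logic behind steps 2 to 4, as an added example that is not part of the original lab: a small Python evaluator for the two access-list 100 definitions above, showing wildcard-mask matching, the implicit deny, and why the closing "permit ip any any" matters for OSPF. The function names, the PORT_NAMES table and the test packets are constructed for illustration.

```python
import ipaddress

# ACL lines copied from the walk-through (Router A and Router C).
ACL_A = ["access-list 100 deny icmp 192.168.2.0 0.0.0.255 any",
         "access-list 100 permit ip any any"]
ACL_C = ["access-list 100 deny tcp any any eq 80",
         "access-list 100 permit ip any any"]
PORT_NAMES = {"www": 80, "telnet": 23, "domain": 53}  # IOS port keywords

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(line):
    """Parse one extended ACL line into a rule dict."""
    t = line.split()[2:]                     # drop 'access-list 100'
    rule = {"action": t.pop(0), "proto": t.pop(0)}
    rule["src"], rule["dst"] = _addr(t), _addr(t)
    rule["port"] = None
    if t and t[0] == "eq":                   # destination port match
        rule["port"] = PORT_NAMES.get(t[1]) or int(t[1])
    return rule

def _match(ip, spec):
    base, wild = spec                        # wildcard bit 1 = "don't care"
    care = ~wild & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(ip)) & care == base & care

def evaluate(acl, proto, src, dst, dport=None):
    """First matching line wins; no match falls to the implicit deny."""
    for rule in map(parse, acl):
        if rule["proto"] not in ("ip", proto):
            continue
        if not (_match(src, rule["src"]) and _match(dst, rule["dst"])):
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        return rule["action"]
    return "deny"                            # implicit 'deny ip any any'
```

Dropping the second line of either list leaves only the implicit deny, which also discards the OSPF packets (IP protocol 89) arriving on that serial interface.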

Show runs 

RouterA#show run
Building configuration...

Current configuration : 900 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterA
!
enable secret 5 $1$rujI$BJ8GgiK8U9p5cdfXyApPr/
!
username banbury password 0 ccna
!
ip subnet-zero
!
interface Loopback0
 ip address 172.16.1.1 255.255.0.0
!
interface Loopback1
 ip address 172.20.1.1 255.255.0.0
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 ip address 192.168.1.1 255.255.255.252
 ip access-group 100 in
!
interface Serial1
 no ip address
 shutdown
!
router ospf 20
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 1
 network 192.168.1.0 0.0.0.3 area 0
!
ip classless
no ip http server
!
access-list 100 deny icmp 192.168.2.0 0.0.0.255 any
access-list 100 permit ip any any
!
line con 0
 password letmein
 login
line 1 8
line aux 0
line vty 0 4
 login local
!
end


RouterB#show run
Building configuration...

Current configuration : 827 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterB
!
enable secret 5 $1$oXft$UMJZc/BQzbfpeHVCApF3H0
!
username banbury password 0 ccna
!
ip subnet-zero
!
interface Loopback0
 ip address 172.30.1.1 255.255.0.0
!
interface Loopback1
 ip address 172.31.1.1 255.255.0.0
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 ip address 192.168.1.2 255.255.255.252
 clockrate 64000
!
interface Serial1
 ip address 192.168.2.1 255.255.255.252
 clockrate 64000
!
router ospf 20
 log-adjacency-changes
 network 192.168.1.0 0.0.0.3 area 0
 network 192.168.2.0 0.0.0.3 area 0
!
ip classless
no ip http server
!
line con 0
 password letmein
 login
line aux 0
line vty 0 4
 login local
!
end

RouterB#


RouterC#show run
Building configuration...

Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterC
!
enable secret 5 $1$lAZx$UzhYsYIIpc7I4vJI3ZI4U.
!
username banbury password 0 cisco
ip subnet-zero
!
!
interface Loopback0
 ip address 10.0.0.1 255.255.0.0
!
interface Ethernet0
 no ip address
 shutdown
!
interface Serial0
 ip address 192.168.2.2 255.255.255.252
 ip access-group 100 in
 no ip mroute-cache
!
interface Serial1
 no ip address
 shutdown
!
router ospf 20
 network 10.0.0.0 0.0.255.255 area 2
 network 192.168.2.0 0.0.0.3 area 0
!
ip classless
!
access-list 100 deny tcp any any eq www
access-list 100 permit ip any any
!
line con 0
line 1 16
line aux 0
line vty 0 4
 login local
!
end

RouterC#

